I see references to the Spamhaus PBL and ZEN blocklists in the SpamAssassin rules, and I'm confused / concerned about this.
According to the web page (http://www.spamhaus.org/pbl/), the Spamhaus PBL "is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use." Spamhaus also says that servers should "not use PBL in filters that do any 'deep parsing' of Received headers, or for other than checking IP addresses that hand off to your mailservers." The issue is that a piece of mail might *legitimately* originate from a host in the Spamhaus PBL, as long as the mail leaves the user's machine via his/her ISP's mail relay and is *not* being sent directly from the user's machine to the intended destination. Does the RCVD_IN_PBL rule in SpamAssassin take care to check *only* the *last* (chronologically last, physically first) "Received:" line? Or does it parse *all* the "Received:" header lines and match *any* occurrence of a PBL-listed relay *anywhere* along a message's delivery path? If the rule checks *all* of a message's relay sites against the PBL, I believe this is wrong. Similar comments for the Spamhaus ZEN list, which includes the PBL information. (The comment in 20_dnsbl_tests.cf saying that "Spamhaus SBL+XBL" is "now called Zen" is in error -- the ZEN list combines SBL, XBL, and PBL.) Comments on this? Am I missing something here? Rich Wales Palo Alto, CA ri...@richw.org
